diff --git a/html/class_passwordRecovery.inc b/html/class_passwordRecovery.inc
index 94c42913dc9e0e37052daf3285c5ec1d8daf7863..5f95dc3e7d2837c2c9601a714c22198249a1de57 100644
--- a/html/class_passwordRecovery.inc
+++ b/html/class_passwordRecovery.inc
@@ -151,20 +151,16 @@ class standAlonePage {
 $smarty = get_smarty();
 /* Check for SSL connection */
- $ssl = "";
- $smarty->assign("ssl", "");
- if (!isset($_SERVER['HTTPS']) || !stristr($_SERVER['HTTPS'], "on")) {
- if (empty($_SERVER['REQUEST_URI'])) {
- $ssl = "https://".$_SERVER['HTTP_HOST'].$_SERVER['PATH_INFO'];
- } else {
- $ssl = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
- }
+ $ssl = '';
+ $smarty->assign('ssl', '');
+ if (!sslOn()) {
+ $ssl = sslUrl();
 /* If SSL is forced, just forward to the SSL enabled site */
- if ($config->get_cfg_value("forcessl") == 'TRUE') {
+ if ($config->get_cfg_value('forcessl') == 'TRUE') {
 header("Location: $ssl");
 exit;
- } elseif ($config->get_cfg_value("warnssl") == 'TRUE') {
+ } elseif ($config->get_cfg_value('warnssl') == 'TRUE') {
 /* Display SSL mode warning? */
 $smarty->assign ('ssl', sprintf(_('Warning: <a href="%s">Session is not encrypted!</a>'), $ssl));
 }
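Review bot: The URL returned by `sslUrl()` reaches two sinks in this block without any encoding or validation: `header("Location: $ssl")` and the `<a href="%s">` warning built with sprintf. Every part of that URL is request-supplied (`Host`, now also `X-Forwarded-Host`, plus `REQUEST_URI`), so the href argument should be encoded, `htmlspecialchars($ssl, ENT_QUOTES, 'UTF-8')` in place of the bare `$ssl`, and the redirect host is better taken from configuration or checked against an allow-list before it is sent. Whether the template prints `ssl` raw is not visible here, although the markup embedded in the value suggests it does. The enclosing method starts and ends outside the hunk.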
@@ -175,20 +171,30 @@ class standAlonePage {
 function getPageURL()
 {
- $pageURL = "http";
- if (isset($_SERVER['HTTPS']) && ($_SERVER["HTTPS"] == "on")) {
- $pageURL .= "s";
+ $protocol = 'http';
+ if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) {
+ $protocol .= 's';
 }
- $pageURL .= '://';
+ $port = '80';
 if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
- $pageURL .= $_SERVER['HTTP_X_FORWARDED_HOST'];
- } else {
- $pageURL .= $_SERVER['SERVER_NAME'];
- if ($_SERVER['SERVER_PORT'] != '80') {
- $pageURL .= ':'.$_SERVER['SERVER_PORT'];
+ $host = $_SERVER['HTTP_X_FORWARDED_HOST'];
+ if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) {
+ $port = $_SERVER['HTTP_X_FORWARDED_PORT'];
+ }
+ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
 }
+ } else {
+ $host = $_SERVER['SERVER_NAME'];
+ $port = $_SERVER['SERVER_PORT'];
+ }
+
+ $pageURL = $protocol.'://';
+ $pageURL .= $host;
+ if ($port != '80') {
+ $pageURL .= ':'.$port;
 }
- $pageURL .= $_SERVER["PHP_SELF"];
+ $pageURL .= $_SERVER['PATH_INFO'];
 return $pageURL;
 }
diff --git a/include/php_setup.inc b/include/php_setup.inc
index ab52ff33b420620fda345c941641bc1a2187fd92..c7901d14e4c6331e97595fe74a699c0a324ab511 100644
--- a/include/php_setup.inc
+++ b/include/php_setup.inc
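Review bot: `getPageURL()` copies `X-Forwarded-Proto` and `X-Forwarded-Port` into the URL unchecked, so a malformed or client-supplied value (a comma-separated list from chained proxies, a non-numeric port, an unexpected scheme) ends up in whatever link this method feeds. Given the class this is presumably the recovery link, which makes the generated URL worth pinning down. The excerpt below restricts the scheme to http/https and the port to digits, falling back to the locally determined values otherwise. The forwarded host would ideally be compared with an administrator-configured allow-list as well, which nothing in this hunk provides a hook for. As a smaller consistency point, the direct `$_SERVER['HTTPS'] == 'on'` test at the top could reuse `sslOn()` from php_setup.inc.

```php
    if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
      $host = $_SERVER['HTTP_X_FORWARDED_HOST'];
      /* Accept a forwarded port only when it is purely numeric */
      if (isset($_SERVER['HTTP_X_FORWARDED_PORT']) && ctype_digit((string)$_SERVER['HTTP_X_FORWARDED_PORT'])) {
        $port = $_SERVER['HTTP_X_FORWARDED_PORT'];
      }
      /* Accept a forwarded scheme only when it is exactly http or https */
      if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
        $forwardedProto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
        if (in_array($forwardedProto, array('http', 'https'), TRUE)) {
          $protocol = $forwardedProto;
        }
      }
    } else {
      /* … unchanged: SERVER_NAME / SERVER_PORT branch … */
    }
    /* … unchanged: URL assembly and return … */
```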
@@ -273,6 +273,37 @@ function dummy_error_handler()
 {
 }
+/*! \brief Returns TRUE if SSLĂ‚ was used to contact FD, whether directly or through a proxy
+ */
+function sslOn()
+{
+ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ return (strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') == 0);
+ }
+ if (isset($_SERVER['HTTPS'])) {
+ return (strcasecmp($_SERVER['HTTPS'], 'on') == 0);
+ }
+ return FALSE;
+}
+
+/*! \brief Returns SSL URL to redirect to
+ */
+function sslUrl()
+{
+ $ssl = 'https://';
+ if (empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+ $ssl .= $_SERVER['HTTP_HOST'];
+ } else {
+ $ssl .= $_SERVER['HTTP_X_FORWARDED_HOST'];
+ }
+ if (empty($_SERVER['REQUEST_URI'])) {
+ $ssl .= $_SERVER['PATH_INFO'];
+ } else {
+ $ssl .= $_SERVER['REQUEST_URI'];
+ }
+ return $ssl;
+}
+
 /* Bail out for incompatible/old PHP versions */
 if (!version_compare(phpversion(), PHP_MIN_VERSION, ">=")) {
 echo "PHP version needs to be ".PHP_MIN_VERSION." or above to run FusionDirectory. Aborted.";
@@ -312,12 +343,8 @@ $smarty->assign('js_files', array());
 $smarty->php_handling = Smarty::PHP_REMOVE;
 /* Check for SSL connection */
-$ssl = "";
-if (!(isset($_SERVER['HTTPS']) && stristr($_SERVER['HTTPS'], "on"))) {
- if (empty($_SERVER['REQUEST_URI'])) {
- $ssl = "https://".$_SERVER['HTTP_HOST'].$_SERVER['PATH_INFO'];
- } else {
- $ssl = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
- }
+$ssl = '';
+if (!sslOn()) {
+ $ssl = sslUrl();
 }
 ?>
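Review bot: `sslOn()` returns the verdict of `X-Forwarded-Proto` before it looks at `$_SERVER['HTTPS']`, and nothing visible establishes that the request actually came through a reverse proxy. A plain-HTTP request carrying `X-Forwarded-Proto: https` is therefore treated as encrypted, which skips the `forcessl` redirect and the `warnssl` notice in class_passwordRecovery.inc. The `$ssl` block in the last hunk of this file relies on the same input. I would honour the forwarded headers, here and for `X-Forwarded-Host` in `sslUrl()`, only when `$_SERVER['REMOTE_ADDR']` matches a proxy address set by the administrator, and state that assumption in both `\brief` comments. A multi-valued header such as `https, http` from chained proxies also fails the `strcasecmp` and never falls through to the `HTTPS` check, so taking the first list element before comparing would avoid a false negative.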